Update "timestamp" field by query (subtract time from the original field and reindex)

dboss101 · May 30, 2018, 10:05am

Hi,

I'm trying to create a rest call that will perform the following.

find all documents that match a simple query of field:value.
in those documents, update the value of the "timestamp" field to be timestamp - 1 minute.

I was thinking to do this with the update by query api, I'm just not sure how to write the painless script to do the subtraction update of the timestamp field.

any help appreciated.

thanks!

abdon · May 31, 2018, 8:15am

Something like this should work:

POST my_index/_update_by_query
{
  "query": {
    "match": {
      "field": "value"
    }
  },
  "script": {
    "source": "ctx._source.timestamp = OffsetDateTime.parse(ctx._source.timestamp).minusMinutes(1)"
  }
}

dboss101 · May 31, 2018, 9:13am

thank you very much!

dboss101 · May 31, 2018, 12:41pm

actually got an error while trying to run this...

{
"error": {
	"root_cause": [{
		"type": "script_exception",
		"reason": "runtime error",
		"script_stack": ["java.util.Objects.requireNonNull(Objects.java:228)", "java.time.format.DateTimeFormatter.parse(DateTimeFormatter.java:1848)", "java.time.OffsetDateTime.parse(OffsetDateTime.java:402)", "java.time.OffsetDateTime.parse(OffsetDateTime.java:387)", "ctx._timestamp = OffsetDateTime.parse(ctx._timestamp).minusMinutes(3)", "                                          ^---- HERE"],
		"script": "ctx._timestamp = OffsetDateTime.parse(ctx._timestamp).minusMinutes(3)",
		"lang": "painless"
	}],
	"type": "script_exception",
	"reason": "runtime error",
	"script_stack": ["java.util.Objects.requireNonNull(Objects.java:228)", "java.time.format.DateTimeFormatter.parse(DateTimeFormatter.java:1848)", "java.time.OffsetDateTime.parse(OffsetDateTime.java:402)", "java.time.OffsetDateTime.parse(OffsetDateTime.java:387)", "ctx._timestamp = OffsetDateTime.parse(ctx._timestamp).minusMinutes(3)", "                                          ^---- HERE"],
	"script": "ctx._timestamp = OffsetDateTime.parse(ctx._timestamp).minusMinutes(3)",
	"lang": "painless",
	"caused_by": {
		"type": "null_pointer_exception",
		"reason": "text"
	}
},
"status": 500
}

any idea what can be the issue here?

abdon · May 31, 2018, 8:19pm

You are using ctx._timestamp instead of ctx._source.timestamp (or ctx._source.fieldname, where fieldname is the name of the timestamp field you are trying to update).

system · June 28, 2018, 8:19pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How can i update all the values in specific field using update_by_query? Elasticsearch	3	1056	December 12, 2019
Update by query date field (painless) and add hours Elasticsearch painless	4	1375	November 16, 2020
How to fix date field value(change field value from int to string) Elasticsearch	2	2155	July 5, 2017
Incrementing Datetime field by one day in Elasticsearch Production Cluster using painless script Elasticsearch painless	2	231	May 9, 2022
Timestamp update Elasticsearch	3	1146	February 22, 2021

Update "timestamp" field by query (subtract time from the original field and reindex)

Related topics